I really would have liked to, but he was one of the clients. This pud added unauthorized DCs, attempted to redirect the WINS replication and make his WINS box the primary, and troubleshot web development problems by adding the "Everyone" group to the admins group on his web server (which also happened to be a domain controller).

When I was told by management I could not remove his admin privilege, I polished the resume and found another job.

The fun part is: in a couple of months my new job will be pen-testing that company. VENGEANCE IS MINE.....

This didn't do any harm but was extremely stupid. When I was on IRC a while ago I used the /nickserv IDENTIFY command to log in, but instead of putting a / before the command I put a . so everyone in that channel saw my password. Luckily no one did anything with it, and I changed my password quickly, but it was still pretty stupid.

Immediately after giving a family member a lecture on how stupid most users are and how little they understand about security, I left my laptop and briefcase in my driveway and drove to work (I had put them down to move something else in my driveway).

It was 1996. I had bought an old box and I wanted to try Linux, so I borrowed a Red Hat 5.* (don't remember the version correctly) disc from a friend and started to install a webserver (full install with all applications, and they were put in init.d). After 3 weeks I got a call from a sysadmin from Sunet (it's a big gigabit network in Sweden, www.sunet.se), and he said that I had killed a lot of their boxes. I had no idea what he was talking about, but as you can imagine, at this point I had got hacked really quickly. That was about all I had to say about it.

I was doing a vulnerability scan using Nessus for work one night, and kicked off the scan 'bout 10PM. I was doing it over a dialup link, and I kept getting disconnected, so I stayed up all night babysitting the scan and cursing my ISP. (Staying up all night is no mean feat at my age.)

The next day, I realised that I'd forgotten to disable the ATH0 exploit!

Threw it together early in the morning as the last item on my to-do list... (This will always get ya.) I simply made the mistake of taking an HTTP-passed variable and issuing it directly to a local Linux app...

Realized the mistake the next morning, when the *thoughtful* intruder snagged dir structures of all of my home/office machines through an 'ls' of my /mnt dir.
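The bug in the post above, as an added example that is not the poster's code: a constructed Python handler that splices an HTTP parameter straight into a shell command, beside a hardened version that allowlists the name, confines the resolved path to an allowed root and runs ls with an argument list so no shell ever parses the input. The ALLOWED_ROOT temp directory and its "public" folder are constructed for the demo and stand in for the poster's /mnt.

```python
import os
import re
import subprocess
import tempfile

# Constructed sandbox standing in for the anecdote's /mnt; created fresh for the demo.
ALLOWED_ROOT = os.path.realpath(tempfile.mkdtemp(prefix="demo_mnt_"))
os.makedirs(os.path.join(ALLOWED_ROOT, "public"))
with open(os.path.join(ALLOWED_ROOT, "public", "hello.txt"), "w") as fh:
    fh.write("sample\n")

# Only plain directory names are acceptable: alphanumeric start, then letters, digits, . _ -
SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,63}$")


def unsafe_command(user_dir):
    """The blunder from the post: the HTTP parameter is glued into a shell string.
    Anything after a ';' in user_dir becomes a second command once this string is
    handed to os.system() or subprocess with shell=True (not executed here)."""
    return "ls " + ALLOWED_ROOT + "/" + user_dir


def safe_argv(user_dir):
    """Hardened form: allowlist the name, confine the resolved path to ALLOWED_ROOT,
    and build an argv list so the user's input is never interpreted by a shell."""
    if not SAFE_NAME.match(user_dir):
        raise ValueError("rejected directory name: %r" % user_dir)
    target = os.path.realpath(os.path.join(ALLOWED_ROOT, user_dir))
    # realpath follows symlinks, so a link planted inside the root cannot escape it either
    if os.path.commonpath([ALLOWED_ROOT, target]) != ALLOWED_ROOT:
        raise ValueError("path escapes allowed root: %r" % user_dir)
    # '--' ends option parsing, so a name could never be read as an ls flag
    return ["ls", "-1", "--", target]


def list_dir(user_dir):
    """Run the validated command without a shell and return the directory entries."""
    result = subprocess.run(safe_argv(user_dir), capture_output=True, text=True, check=True)
    return result.stdout.splitlines()


if __name__ == "__main__":
    print(unsafe_command("x; ls /mnt"))   # the injected second command survives intact
    print(list_dir("public"))             # ['hello.txt']
    for bad in ("; id", "../..", "-la"):
        try:
            safe_argv(bad)
        except ValueError as err:
            print("blocked:", err)
```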

Not necessarily my worst security blunder, but one made by a co-worker that I discovered one bored Saturday night.

NetBIOS was being exported to the world, as was LDAP/Active Directory and a copy of SurfControl with a tree-recursing bug in it.

My, what a shock they got when they read the e-mail I had sent them over the weekend with full details of the usernames, shares, etc. on the mail server (the one that was exporting all the above things).

I'm living in Holland, and KPN (our phone company) is very weird... they know about the following and yet won't do anything against it.

My cousin and a lot of other people here in Holland got hacked by some company, which went calling sex lines with their phone account. Luckily my uncle read the phone bill and saw SOMEONE had called a sex line for over 12 hours!! (He first blamed his kids.)

LOL to all of you. I think we've all made mistakes, and hopefully some of us (at least I have) learned from them.

My worst blunder ever I committed about a year ago. I was setting up Windows 2K Advanced Server, and before I did updates or ANYTHING I hooked it up behind the router. I got distracted, as my g/f wanted me to come home, etc. So, I left this unprotected box chilling behind the router, IN FRONT of the firewall, because I didn't notice where I was placing it. I also had the Telnet service running, with Guest and Guest (UID and PWD) with full r00t access.

I was pwnd in under 8 hours. Call it a lucky strike, or an act of God, but I lost EVERYTHING. It wasn't even a good h4ckz0r who wanted to use my comp to attack someone else... NOOOO, it was a frigging l4m3 kid who formatted everything.

At the school I work at we had a program called Networx, or something to that extent, which was a remote network admin program. It was good and kept the average user in line. There were ways to exploit it, but most of the students aren't that smart. Anyway, the main thing was it worked. Until, browsing the network, one of the students stumbled across a shared folder that contained the Networx install file. Now that wouldn't have been a problem apart from the txt file that contained the password to disable it.

There was another instance of shared stuff being leaked, and that was an Excel spreadsheet containing the teachers' usernames and passwords.

Both these mistakes were made by the old IT tech when I was a student here.